New XDR solution from Sophos


New XDR solution from Sophos synchronizes endpoint, server, firewall and email security. Sophos XDR extends next generation security solutions with new EDR functions and thus creates a comprehensive and integrated threat detection and response system.

Today Sophos introduces its new solution, Sophos XDR. It is the only Extended Detection and Response (XDR) solution in the industry that synchronizes endpoint, server, firewall and email security. With this integrated approach, Sophos XDR gives a holistic view of a company's security environment, backed by a comprehensive data set and in-depth analysis options for detecting and investigating cyber threats and for taking the appropriate response measures. This makes it possible to fend off even the most sophisticated attacks, especially those that use multiple access points and initially move inconspicuously through the network in order to avoid detection.

Detailed threat analysis

The heart of Sophos XDR is one of the most extensive data sets in the industry: up to 90 days of on-device data, plus up to 30 days of cross-product data stored in the cloud-based data lake. Combining on-device forensics with data lake forensics provides comprehensive, contextual insights. Security analysts can use these insights via Sophos Central, and open application programming interfaces (APIs) allow them to be integrated into Security Information and Event Management (SIEM), Security Orchestration, Automation and Response (SOAR), Professional Service Automation (PSA) and Remote Monitoring and Management (RMM) systems.

The data lake contains critical information from Intercept X, Intercept X for Server, Sophos Firewall and Sophos Email; Sophos Cloud Optix and Sophos Mobile will also feed into the data collection later this year. Security and IT teams can access this data to conduct cross-product threat investigations and quickly obtain granular details on past and current attack activity. Because historical data remains accessible even when a device is offline, investigations are also protected against devices that are lost or compromised.

New EDR version


New XDR solution from Sophos synchronizes endpoint, server, firewall and email security (Screen: Sophos).

Sophos has also released a new version of its industry-leading endpoint detection and response solution, Sophos EDR. New scheduled queries and customizable contextual pivoting let security analysts and IT administrators identify and investigate security problems quickly and precisely, so that they can respond quickly and purposefully. Thanks to the integration with the data science tool SophosLabs Intelix, the new version provides preconfigured queries and powerful threat intelligence functions. Sophos EDR customers can access data in the cloud-hosted data lake for seven days (expandable to 30 days); on-device data is available for up to 90 days.

Sophos Adaptive Cybersecurity Ecosystem

Sophos XDR and EDR are part of the Sophos Adaptive Cybersecurity Ecosystem (ACE), a new, open security architecture for optimizing threat prevention, detection and response. Sophos ACE leverages automation and analysis as well as the collective input of Sophos products, partners, customers, developers and other security providers. The result is protection that improves continuously, as the system constantly learns and develops. Sophos ACE builds on an extensive collection of data and correlates actionable insights from Sophos solutions and services with threat intelligence from SophosLabs, Sophos AI and the Sophos Managed Threat Response team. Open application programming interfaces (APIs) enable customers, partners and developers to create tools and solutions that interact with the system and take advantage of existing integrations. Sophos is leading the industry with this approach and is already working with many vendors.

Learn from data collections

The importance of an interconnected IT security system built on as many data sets as possible becomes clear in the new Sophos study "Intervention halts a ProxyLogon-enabled attack", which describes an attack on a large company. The attack began with the attackers compromising an Exchange server using the current ProxyLogon exploit and then moving unnoticed through the network. Over a period of two weeks, they were able to steal account credentials, compromise domain controllers and establish a presence on multiple computers. To do so, they used a commercial remote access tool to maintain access to the compromised computers and to distribute a number of malicious programs. The study shows that the attackers kept coming back, sometimes using the same tool, such as Cobalt Strike, and sometimes other tools on different computers. They used a commercial remote access program rather than the more standard RDP that IT security professionals typically look for.

Survey: 54 percent of IT managers need help

Dan Schiappa, Chief Product Officer at Sophos, says: “The report highlights the complexity of human cyberattacks and shows how difficult it is for IT security teams to track and contain multi-level, multi-vector incidents. Oftentimes, it is simply impossible to keep up with the attack activity that has been occurring in all parts of the organization. According to the Sophos State of Ransomware report published at the end of April, this problem is widespread. More than 54 percent of the IT managers surveyed said that cyber attacks are too advanced for their IT teams to deal with on their own. XDR is an important defense component here.”

More at Sophos.com

About Sophos

More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage, and they offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions and security solutions for endpoints, networks, mobile devices, email and the web. These are backed by SophosLabs, our worldwide network of analysis centers. Sophos is headquartered in Boston, USA and Oxford, UK.
